Senior Infrastructure Engineer, Cloud Security
About The Position
Rocket Money is seeking a Senior Infrastructure Engineer, Cloud Security to lead the security-facing evolution of their platform. The role involves owning the security posture of their cloud infrastructure, which handles billions of transactions and terabytes of data daily. Key responsibilities include evolving AWS account strategy, VPC design, workload segmentation, managing firewalls and edge security, enhancing IaC security scanning and pipeline security, and developing strategies for vulnerability management, misconfiguration detection, and SIEM. The engineer will also set security standards for AI products and tooling, and contribute to day-to-day cloud infrastructure tasks like Terraform reviews and on-call rotations. This role is crucial for ensuring the company can securely support millions of users at scale.
Requirements
- 6+ years of hands-on cloud engineering experience, with substantial time spent on cloud security in production (IAM, network architecture, blast-radius reduction, vulnerability management).
- Proficient in writing production Terraform, with experience authoring custom IaC security scanning rules, pinning module versions, and hardening CI/CD pipelines.
- Deep experience in at least one major cloud (AWS preferred, GCP acceptable), including account strategy, network design, and least-privilege IAM.
- Experience treating detection as a product and consolidating vulnerability and misconfiguration programs.
- Experience evaluating SIEM approaches (vendor-hosted, self-operated, or hybrid) and making principled choices.
- Understanding of secure defaults and paved roads as effective security measures.
- Understanding of the security implications of LLMs, agents, and AI-enabled developer tooling, and ability to set a reasonable bar for their safe adoption.
- Ability to work well on a collaborative Cloud Infrastructure team and partner effectively with InfoSec, IT, and parent-company security functions.
Nice To Haves
- Led a cloud security migration or modernization project, defining vision, approach, and delivering implementation.
- Built or open-sourced internal security tooling, libraries, or scanning rules.
- Experience translating compliance frameworks (SOC 2, PCI-DSS, or GLBA) into engineering controls without creating friction for development teams.
- Hands-on experience securing production AI or ML systems (prompt injection defenses, agent sandboxing, model supply chain risk).
Responsibilities
- Evolve AWS account strategy, VPC design, and workload segmentation as infrastructure footprint grows.
- Own firewalls and edge security strategy across the cloud footprint.
- Enhance IaC security scanning, Terraform module governance, and pipeline security for infrastructure deployments.
- Own and evolve vulnerability management, misconfiguration detection, and SIEM strategy.
- Set the security bar for AI products and AI-adjacent developer tooling, in partnership with product, InfoSec, and IT.
- Contribute to day-to-day Cloud Infrastructure work, including Terraform reviews, platform backlog, and on-call rotation.
Benefits
- Health, Dental & Vision Plans
- Competitive Pay
- 401k Matching
- Unlimited PTO
- Lunch daily (in-office only)
- Snacks & Coffee (in-office only)
- Commuter benefits (in-office only)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
